Bug 1883418 - [CNV-2.5] virt-handler fails to start due to a missing SELinux policy file
Summary: [CNV-2.5] virt-handler fails to start due to a missing SELinux policy file
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Virtualization
Version: 2.5.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: ---
Target Release: 2.5.0
Assignee: Daniel Belenky
QA Contact: Kedar Bidarkar
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-09-29 07:00 UTC by Lukas Bednar
Modified: 2020-11-17 13:25 UTC

Fixed In Version: hco-bundle-registry-container-v2.5.0-260 virt-operator-container-v2.5.0-58
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-11-17 13:24:55 UTC
Target Upstream Version:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2020:5127 0 None None None 2020-11-17 13:25:06 UTC

Description Lukas Bednar 2020-09-29 07:00:55 UTC
Description of problem:

[cloud-user@ocp-psi-executor ~]$ oc logs  -n openshift-cnv virt-handler-8nl2q
{"component":"virt-handler","hostname":"verify-25-jshxz-worker-0-2lbpt","level":"info","pos":"virt-handler.go:155","timestamp":"2020-09-29T06:55:25.601771Z"}
{"component":"virt-handler","level":"info","msg":"Starting collector: node name=verify-25-jshxz-worker-0-2lbpt","pos":"prometheus.go:483","timestamp":"2020-09-29T06:55:25.642959Z"}
{"component":"virt-handler","level":"info","msg":"STARTING informer kubeVirtInformer","pos":"virtinformers.go:251","timestamp":"2020-09-29T06:55:25.643078Z"}
{"component":"virt-handler","level":"info","msg":"STARTING informer extensionsKubeVirtCAConfigMapInformer","pos":"virtinformers.go:251","timestamp":"2020-09-29T06:55:25.643129Z"}
{"component":"virt-handler","level":"info","msg":"STARTING informer vmiInformer","pos":"virtinformers.go:251","timestamp":"2020-09-29T06:55:25.643144Z"}
{"component":"virt-handler","level":"info","msg":"STARTING informer configMapInformer","pos":"virtinformers.go:251","timestamp":"2020-09-29T06:55:25.643156Z"}
{"component":"virt-handler","level":"info","msg":"STARTING informer CRDInformer","pos":"virtinformers.go:251","timestamp":"2020-09-29T06:55:25.643166Z"}
{"component":"virt-handler","level":"info","msg":"certificate from /etc/virt-handler/clientcertificates with common name 'kubevirt.io:system:client:virt-handler' retrieved.","pos":"cert-manager.go:182","timestamp":"2020-09-29T06:55:25.643591Z"}
{"component":"virt-handler","level":"info","msg":"certificate from /etc/virt-handler/servercertificates with common name 'kubevirt.io:system:node:virt-handler' retrieved.","pos":"cert-manager.go:182","timestamp":"2020-09-29T06:55:25.646339Z"}
{"component":"virt-handler","level":"info","msg":"Updating cluster config to resource version '11380674'","pos":"config-map.go:457","timestamp":"2020-09-29T06:55:25.656342Z"}
{"component":"virt-handler","level":"info","msg":"SELinux is reported as 'enforcing'","pos":"virt-handler.go:326","timestamp":"2020-09-29T06:55:25.664788Z"}
panic: failed to install virt-launcher selinux policy: failed to copy policy /var/run/kubevirt/base_container.cil - err: failed to read a policy file /base_container.cil: open /base_container.cil: no such file or directory 

goroutine 1 [running]:
main.(*virtHandlerApp).Run(0xc002bf0360)
	/go/src/kubevirt.io/kubevirt/cmd/virt-handler/virt-handler.go:330 +0x253b
main.main()
	/go/src/kubevirt.io/kubevirt/cmd/virt-handler/virt-handler.go:453 +0x6e



Version-Release number of selected component (if applicable):
OCP-4.6.0-fc.8
HCO-v2.5.0-239


How reproducible: 100


Steps to Reproduce:
1. Install CNV
2.
3.

Actual results: virt-handler fails to start


Expected results: virt-handler running


Additional info:
It seems to be a regression of https://bugzilla.redhat.com/show_bug.cgi?id=1770272

Comment 5 sgott 2020-10-01 11:52:43 UTC
Steps to verify: observe that virt-handler is running.

Comment 6 Kedar Bidarkar 2020-10-06 17:48:14 UTC
(cnv-tests) [kbidarka@kbidarka-host osdc]$ oc get pods -n openshift-cnv | grep virt-handler
virt-handler-gtc8n                                    1/1     Running   0          6h4m
virt-handler-wc6v9                                    1/1     Running   0          6h4m
virt-handler-wnhh8                                    1/1     Running   0          6h4m
(cnv-tests) [kbidarka@kbidarka-host osdc]$ oc get csv -n openshift-cnv 
NAME                                      DISPLAY                    VERSION   REPLACES                                  PHASE
kubevirt-hyperconverged-operator.v2.5.0   OpenShift Virtualization   2.5.0     kubevirt-hyperconverged-operator.v2.4.1   Succeeded

Summary: virt-handler pods are running fine and without any restarts.
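
The following is an added example, not part of the original report or of KubeVirt's code: it picks the failure signature from the description (SELinux enforcing, then a panic on a missing policy file) out of a virt-handler log, and automates the verification step from comments 5 and 6. The function names triage_log and unhealthy_handlers are hypothetical, and the sample inputs are abridged from the output quoted in this report.

```python
import json
import re

# Constructed sample input, abridged from the log and pod listing quoted in this report.
SAMPLE_LOG = """\
{"component":"virt-handler","level":"info","msg":"SELinux is reported as 'enforcing'","pos":"virt-handler.go:326","timestamp":"2020-09-29T06:55:25.664788Z"}
panic: failed to install virt-launcher selinux policy: failed to copy policy /var/run/kubevirt/base_container.cil - err: failed to read a policy file /base_container.cil: open /base_container.cil: no such file or directory
goroutine 1 [running]:
"""
SAMPLE_PODS = """\
virt-handler-gtc8n   1/1   Running   0   6h4m
virt-handler-wc6v9   1/1   Running   0   6h4m
"""

SELINUX_RE = re.compile(r"SELinux is reported as '(\w+)'")
ENOENT_RE = re.compile(r"open (\S+): no such file or directory")

def triage_log(text):
    """Return the SELinux mode virt-handler logged and, if it panicked, why."""
    result = {"selinux": None, "panic": None, "missing_file": None}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("{"):  # structured JSON log line
            try:
                msg = json.loads(line).get("msg", "")
            except json.JSONDecodeError:
                continue  # truncated or interleaved line; skip it
            m = SELINUX_RE.search(msg)
            if m:
                result["selinux"] = m.group(1)
        elif line.startswith("panic:"):  # Go runtime panic, not JSON
            result["panic"] = line[len("panic:"):].strip()
            m = ENOENT_RE.search(line)
            if m:
                result["missing_file"] = m.group(1)
    return result

def unhealthy_handlers(pods_text):
    """Names of virt-handler pods that are not fully ready, not Running, or restarted."""
    bad = []
    for line in pods_text.splitlines():
        cols = line.split()
        if len(cols) < 4 or not cols[0].startswith("virt-handler-"):
            continue  # header row or a pod from another component
        name, ready, status, restarts = cols[:4]
        have, want = ready.split("/")
        if have != want or status != "Running" or restarts != "0":
            bad.append(name)
    return bad
```

Feed triage_log the output of `oc logs` and unhealthy_handlers the output of `oc get pods -n openshift-cnv`; an empty list from the latter matches the "running fine and without any restarts" result above.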

Comment 9 errata-xmlrpc 2020-11-17 13:24:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Virtualization 2.5.0 Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:5127

